Yeah, this is why I don't use those services. OAuth is an option, but even Twitter doing something trivial themselves would be nice, like I proposed here a while back:

http://lets.coozi.com.au/content/token-based_authentication_for_api_access.html

On Sun, Jan 4, 2009 at 5:06 PM, Elias Bizannes <[email protected]> wrote:
>
> Hi everyone,
>
> I personally believe Twitter is being irresponsible by creating an
> ecosystem off their API without creating appropriate safeguards to
> protect users like us. I am looking for some Aussie bloggers to help
> me make some noise. The silicon beach community literally turned the
> fight against the clean feed to a whole new level, so I'm looking for
> us to do it again by creating a better Internet through example.
>
> Quick background:
> For you to give access to things like third party apps (like Twhirl),
> you need to give up your login and password. As has been reported in
> the tech news this last week, there have been security breaches of
> people taking your Twitter password and selling it and the like. A
> simple change to their API can avoid this bad password anti-pattern.
>
> With delegated authentication or through the use of an open standard
> called "OAuth" you can actually allow websites to access your data
> without you needing to give up your password (by simply giving them
> permission through the Twitter interface). What happens is that
> instead of you punching in your password, and giving some random your
> personal details which they can then take advantage of, you can
> instead have them request Twitter for authorisation, and you can
> simply click a button saying "approved".
>
> I will be posting something on the DataPortability Project's blog
> about the issue and hope to give it some attention. The more people we
> have posting a synchronised blog post, the better chances we can turn
> this into news and get them to pull their finger out. I know for a
> fact the only reason they are not doing this is because they don't
> give it a high enough priority - but of course they don't, as it's not
> them hurting but us. With a bit of awareness, we can make people
> realise there is a simple way to fix a very serious issue, which is
> compromising your online identity.
>
> I've already had to change my passwords a few times due to third party
> apps, and I am sick of doing it, and it annoys me when I know I don't
> need to do it!
>
> Please contact me if you are willing to participate. For those looking
> to get a bit more exposure of their blogs, this is a good way to do
> it :)
>
> Thanks!
> Elias
>
>

--
noon silky
http://www.boxofgoodfeelings.com/
